Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
409 views
in Technique[技术] by (71.8m points)

javabeans - How to set request.getParameter in jsp:setProperty

I used beans/form processing to take input parameters on login screen and then with those parameters try and log the user into the application.

However I am getting an error-

org.apache.jasper.JasperException: /loginbean.jsp(6,59) Attribute value request.getParameter("userName") is quoted with " which must be escaped when used within the val

The line of code which has this error is the second line in the block of code given below- (ie line of code for the property with name='userName')

loginbean.jsp

<jsp:useBean id="db" scope="request" class="logbean.LoginBean" >
  <jsp:setProperty name="db" property="userName" value="<%=request.getParameter("userName")%>"/>
  <jsp:setProperty name="db" property="password" value="<%=request.getParameter("password")%>"/>
 </jsp:useBean>

LoginBean.java

package logbean;
public class LoginBean {
  String userName="";
  String password="";
  public String getUserName() {
  return userName;
  }
  public void setUsername(String username) {
  this.userName = userName;
  }
  public String getPassword() {
  return password;
  }
  public void setPassword(String password) {
 this.password = password;
  }
  }
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Here,

<jsp:setProperty name="db" property="userName" value="<%=request.getParameter("userName")%>"/>
<jsp:setProperty name="db" property="password" value="<%=request.getParameter("password")%>"/>

you're attempting to mix scriptlets and taglibs. This is invalid. Use the one or the other. When the userName would contain a doublequote like foo"bar then the value of the JSP tag will basically end up like value="foo"bar". This is syntactically invalid.

Since scriptlets is a dead technology, I'd suggest to just get rid of it altogether. The proper way would be to use EL. In EL, all request parameters are available as a Map<String, String> through the implicit variable ${param}. Make use of it.

<jsp:setProperty name="db" property="userName" value="${param.userName}"/>
<jsp:setProperty name="db" property="password" value="${param.password}"/>

Alternatively, you can also let JSP automagically set all properties as below when all parameter names are the same as property names anyway:

<jsp:setProperty name="db" property="*"/>

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...